Awaken your inner geek

Apache 2 – Password protecting a directory using .htaccess

by admin on February 16, 2019

Recently I was asked to set up a small e-commerce website and I wanted to ensure certain directories could only be accessed by those who needed to. One of those pages was phpmyadmin which if brute forced, could cause a lot of damage. Despite having a strong password for phpmyadmin, it only makes sense to hide it further behind a password prompt using .htaccess.

To begin with this was added to the .htaccess file in the directory we wish to protect.

After which a .htpasswd file was generated. I chose to generate this file in a directory not accessible to the web.

htpasswd -c /location/of/.htpasswd username_of_choice

At this point you will be prompted to enter a password, and to then repeat that password. This may be repeated for as many users as you require, if more users are added bear in mind the -c switch clears the file each time, so consider removing it for subsequent users.

As always a lot more information on this is available on Apache documentation as well as in your terminal: